OAuth2 | TsgcHTTP_OAuth2_Server_Provider

This component lets you integrate external OAuth2 providers (such as Azure AD, Google, Facebook...) into your server component (such as an HTTP server), so a user can log in using the Azure AD credentials and, if the authentication is successful, the HTTP server can provide access to protected resources.

 

The server components have a property called Authentication.OAuth.OAuth2Provider where you can assign an instance of TsgcHTTP_OAuth2_Server_Provider. If Authentication is enabled and the OAuth2Provider property is attached to an OAuth2 Provider Server component, WebSocket and HTTP requests must carry a Cookie / Bearer Token to be processed; otherwise the connection is closed automatically.


OAuth2Provider := TsgcHTTP_OAuth2_Server_Provider.Create(nil);
Server.Authentication.Enabled := True;
Server.Authentication.OAuth.OAuth2Provider := OAuth2Provider;

 

 

Register OAuth2 Provider

Before the server is started, you must configure the OAuth2 providers that the server will use to authenticate. Use the RegisterProvider method to configure each provider. This method has the following parameters:

 

 

Example: configuring Azure AD requires a tenant-id (which is added to the OAuth2 URLs), a ClientId, a ClientSecret, a Scope and a CallbackURL.

 

  RegisterProvider(
    'azure',
    '90945b8d-f6b7-4b97-b2bd-21c3c90b5f3x',
    'PN67Q~5m06c-~X_GMyMf9zMntmm5l2dt~3jVq',
    'https://login.microsoftonline.com/a0ca2055-5dd1-467f-bf13-291f6fd715c6/oauth2/v2.0/authorize',
    'https://login.microsoftonline.com/a0ca2055-5dd1-467f-bf13-291f6fd715c6/oauth2/v2.0/token',
    'user.read',
    '/login',
    'https://localhost/callback'
    );
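The same registration with the credentials read from the process environment at startup instead of written into the source, as an added example that is not part of the original documentation or the component's own code. The unit names, the environment variable names and the helper functions are assumptions; the GUID check assumes the tenant-id has the GUID form used in the call above, and the argument order is copied from that call.

```delphi
unit AzureProviderSetup; // hypothetical unit name

interface

uses
  SysUtils,
  sgcHTTP_OAuth2_Server_Provider; // assumed name of the unit declaring the component

procedure RegisterAzureFromEnv(aProvider: TsgcHTTP_OAuth2_Server_Provider;
  const aCallbackURL: string);

implementation

// Returns a required setting from the process environment, or raises.
function RequireEnv(const aName: string): string;
begin
  Result := Trim(GetEnvironmentVariable(aName));
  if Result = '' then
    raise Exception.CreateFmt('Missing environment variable %s', [aName]);
end;

procedure RegisterAzureFromEnv(aProvider: TsgcHTTP_OAuth2_Server_Provider;
  const aCallbackURL: string);
var
  vTenant, vBase: string;
begin
  vTenant := RequireEnv('AZURE_TENANT_ID'); // variable names are assumptions
  // The tenant-id is concatenated into both endpoint URLs, so accept only a
  // GUID; StringToGUID raises EConvertError on anything else.
  StringToGUID('{' + vTenant + '}');
  // The authorization response comes back on this URL; require TLS.
  if not SameText(Copy(aCallbackURL, 1, 8), 'https://') then
    raise Exception.Create('Callback URL must use https');

  vBase := 'https://login.microsoftonline.com/' + vTenant + '/oauth2/v2.0/';
  // Same argument order as the RegisterProvider call shown above.
  aProvider.RegisterProvider(
    'azure',
    RequireEnv('AZURE_CLIENT_ID'),
    RequireEnv('AZURE_CLIENT_SECRET'), // read at run time, not compiled in
    vBase + 'authorize',
    vBase + 'token',
    'user.read',
    '/login',
    aCallbackURL);
end;

end.
```

Call RegisterAzureFromEnv(OAuth2Provider, 'https://localhost/callback') before the server is started; any missing or malformed setting raises an exception before a provider is registered.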

 

To delete an existing Provider, use the method UnRegisterProvider.

Properties

The following properties can be configured in the OAuth2Options property.

 

 

Most common uses